Merge "[ipsec-doze] Add fchown to IpSecService to support doze" am: 4edb4c8ec4

am: 5949912523 Change-Id: I9036fc2768dd9664ab7407b359f3c689c7ce700e
author: Benedict Wong <benedictwong@google.com> 2017-12-20 18:42:26 +0000
committer: android-build-merger <android-build-merger@google.com> 2017-12-20 18:42:26 +0000
commit: 53a0c205173f1bc4f26d64c7c9b979cd9562f1b0 (patch)
tree: b312f75ea49783204ab235ed3f05e37671432c30
parent: 875fd19c48c58065f04a2d30766f35a002d303c7 (diff)
parent: 5949912523e76680a61f3c511c4a3fda3b2131c8 (diff)
2 files changed, 30 insertions, 6 deletions
diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java
index a76480836850..d3ab1259c9ed 100644
--- a/services/core/java/com/android/server/IpSecService.java
+++ b/services/core/java/com/android/server/IpSecService.java
@@ -988,12 +988,6 @@ public class IpSecService extends IIpSecService.Stub {
             sockFd = Os.socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
             mUidFdTagger.tag(sockFd, callingUid);
 
-            if (port != 0) {
-                Log.v(TAG, "Binding to port " + port);
-                Os.bind(sockFd, INADDR_ANY, port);
-            } else {
-                port = bindToRandomPort(sockFd);
-            }
             // This code is common to both the unspecified and specified port cases
             Os.setsockoptInt(
                     sockFd,
@@ -1001,6 +995,14 @@ public class IpSecService extends IIpSecService.Stub {
                     OsConstants.UDP_ENCAP,
                     OsConstants.UDP_ENCAP_ESPINUDP);
 
+            mSrvConfig.getNetdInstance().ipSecSetEncapSocketOwner(sockFd, callingUid);
+            if (port != 0) {
+                Log.v(TAG, "Binding to port " + port);
+                Os.bind(sockFd, INADDR_ANY, port);
+            } else {
+                port = bindToRandomPort(sockFd);
+            }
+
             userRecord.mEncapSocketRecords.put(
                     resourceId,
                     new RefcountedResource<EncapSocketRecord>(
diff --git a/tests/net/java/com/android/server/IpSecServiceTest.java b/tests/net/java/com/android/server/IpSecServiceTest.java
index f38a9a346f5b..5d1e10eab572 100644
--- a/tests/net/java/com/android/server/IpSecServiceTest.java
+++ b/tests/net/java/com/android/server/IpSecServiceTest.java
@@ -475,4 +475,26 @@ public class IpSecServiceTest {
         testIpSecService.closeUdpEncapsulationSocket(udpEncapResp.resourceId);
         udpEncapResp.fileDescriptor.close();
     }
+
+    @Test
+    public void testOpenUdpEncapsulationSocketCallsSetEncapSocketOwner() throws Exception {
+        IpSecUdpEncapResponse udpEncapResp =
+                mIpSecService.openUdpEncapsulationSocket(0, new Binder());
+
+        FileDescriptor sockFd = udpEncapResp.fileDescriptor.getFileDescriptor();
+        ArgumentMatcher<FileDescriptor> fdMatcher = (arg) -> {
+                    try {
+                        StructStat sockStat = Os.fstat(sockFd);
+                        StructStat argStat = Os.fstat(arg);
+
+                        return sockStat.st_ino == argStat.st_ino
+                                && sockStat.st_dev == argStat.st_dev;
+                    } catch (ErrnoException e) {
+                        return false;
+                    }
+                };
+
+        verify(mMockNetd).ipSecSetEncapSocketOwner(argThat(fdMatcher), eq(Os.getuid()));
+        mIpSecService.closeUdpEncapsulationSocket(udpEncapResp.resourceId);
+    }
 }
author	Benedict Wong <benedictwong@google.com>	2017-12-20 18:42:26 +0000
committer	android-build-merger <android-build-merger@google.com>	2017-12-20 18:42:26 +0000
commit	53a0c205173f1bc4f26d64c7c9b979cd9562f1b0 (patch)
tree	b312f75ea49783204ab235ed3f05e37671432c30
parent	875fd19c48c58065f04a2d30766f35a002d303c7 (diff)
parent	5949912523e76680a61f3c511c4a3fda3b2131c8 (diff)